[Cryptography] Verisimilitrust

John Denker jsd at av8n.com
Sun Jan 10 02:05:15 EST 2016


On 01/09/2016 07:29 PM, Phillip Hallam-Baker wrote:

> The WebPKI was designed for the purpose of allowing people to buy
> stuff from online stores with at least the same degree of security as
> through traditional mail order or in traditional stores. That is all
> it was ever designed to do. If you are upset that it is not proof
> against certain attacks ask yourselves why you were using a system
> that was never designed to meet those requirements.
> 
> Oh that's right, the WebPKI is the only open PKI that has ever been
> deployed and become ubiquitous. Plenty of folk had much better ideas
> about how to make much more capable systems than I ever did. Which is
> of course why you have all been using them for the past decade.

That's interesting, but I thought the original question that Peter 
Gutmann asked on 01/08/2016 02:09 AM was:

>> what to do about
>> Kazakhstan requesting that their MITM certificate be added to the browser
>> trust lists

If e-commerce is where the rubber meets the road, this question 
is very nearby.  It is where the tires get attached to the car.
So what's the answer?

  1) Add the CA to the list, because the WebPKI was only
   designed to facilitate e-commerce.

  2) Don't add the CA to the list, because the WebPKI was only
   designed to facilitate e-commerce.

  3) .....?????


